diff --git a/includes/classes/PHPFusion/UserFieldsInput.php b/includes/classes/PHPFusion/UserFieldsInput.php index 4cdd79e1c3..f956c88bdc 100644 --- a/includes/classes/PHPFusion/UserFieldsInput.php +++ b/includes/classes/PHPFusion/UserFieldsInput.php @@ -666,15 +666,12 @@ public function saveUpdate() { // hidden input tamper check - user_hash must not be changed. // id request spoofing request - $a_check = ($this->userData["user_password"] != sanitizer("user_hash", "", "user_hash")); - $b_check = ($this->userData['user_id'] != fusion_get_userdata('user_id')); - // for admin with sufficient rights, skip all these formats - if (iADMIN && checkrights("M")) { - $a_check = FALSE; - $b_check = FALSE; - } - if ($a_check or $b_check) { - fusion_stop(); + if (!(iADMIN && checkrights('M')) || + ($this->userData['user_password'] != sanitizer("user_hash", "", "user_hash")) || + ($this->data['user_id'] != fusion_get_userdata('user_id'))) { + fusion_stop($locale['error_request']); + + return FALSE; } // check for password match
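Review bot: The `if` added in this hunk joins the admin exemption to the two tamper checks with `||`, so every request from a user without the `M` admin right reaches `fusion_stop()` and returns FALSE. An admin with that right is also no longer exempt from the hash and id checks, which the removed code switched off for them. The exemption should gate the checks instead: `if (!(iADMIN && checkrights('M')) && (($this->userData['user_password'] != sanitizer("user_hash", "", "user_hash")) || ($this->data['user_id'] != fusion_get_userdata('user_id')))) {`. The hash comparison still uses loose `!=`; wrapping both sides in `hash_equals()` (cast to string) would compare in constant time and avoid a false match if both values happen to look numeric. `$locale` is not assigned in the visible lines and saveUpdate() starts and ends outside the hunk, so confirm it is in scope before `fusion_stop($locale['error_request'])` runs.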